{"affected":[{"ecosystem_specific":{"binaries":[{"pdns-recursor":"4.1.12-bp151.4.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12 SP1","name":"pdns-recursor","purl":"pkg:rpm/suse/pdns-recursor&distro=SUSE%20Package%20Hub%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.1.12-bp151.4.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"pdns-recursor":"4.1.12-bp151.4.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP1","name":"pdns-recursor","purl":"pkg:rpm/suse/pdns-recursor&distro=SUSE%20Package%20Hub%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.1.12-bp151.4.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"pdns-recursor":"4.1.12-bp151.4.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"pdns-recursor","purl":"pkg:rpm/opensuse/pdns-recursor&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.1.12-bp151.4.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for pdns-recursor fixes the following issues:\n\n- update to 4.1.16\n  * fixes an issue where records in the answer section of\n    a NXDOMAIN response lacking an SOA were not properly validated\n    (CVE-2020-12244, boo#1171553)\n  * fixes an issue where invalid hostname on the server can result in\n    disclosure of invalid memory (CVE-2020-10030, boo#1171553)\n  * fixes an issue in the DNS protocol has been found that allows\n    malicious parties to use recursive DNS services to attack third\n    party authoritative name servers (CVE-2020-10995, boo#1171553)\n\nFor details see\nhttps://doc.powerdns.com/recursor/changelog/4.1.html#change-4.1.16\n\n","id":"openSUSE-SU-2020:0698-1","modified":"2020-05-23T07:22:00Z","published":"2020-05-23T07:22:00Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LEZPG4GM5KFH6L7EPATOSNLDHKRJP667/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1171553"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-10030"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-10995"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-12244"}],"related":["CVE-2020-10030","CVE-2020-10995","CVE-2020-12244"],"summary":"Security update for pdns-recursor","upstream":["CVE-2020-10030","CVE-2020-10995","CVE-2020-12244"]}